Effective risk management in law firms has never been more important. Lawyers must contend with the long-standing risks associated with the practice of law, such as anti-money laundering and issues of client confidentiality, as well as new risk areas such as data protection and cybersecurity, and increased regulatory burdens. Poor handling of these risks can lead to reputational damage, diminished client relationships, and even regulatory action, and so it is critical for law firms to remain vigilant and put in place robust risk management policies, processes and systems.
Risk Management in Law Firms brings together lawyers, consultants and other risk and compliance professionals to provide expert and practical guidance on essential risk management topics. Chapters cover risks relating to clients, internal operations and law and regulation, and address recent developments including issues arising from the shift to hybrid working, the increased focus on ESG and climate change, and the extended influence of clients through outside counsel guidelines. There is also consideration of the future of risk management with coverage of the proposed changes to the SRA Codes of Conduct to address issues relating to wellbeing and unfair treatment at work, and the commercial opportunities for law firms and individual lawyers presented by the increasingly flexible principles-based regulation.
This title aims to help law firm leaders and individual lawyers understand and prepare for the risks they face – as well as effectively handle them when issues do arise – whether they occur in the firm’s internal operations or its dealings with clients. In-house counsel and others will also find it useful to understand their law firm colleagues better, enhancing professional relationships. With the comprehensive coverage of key risk areas in this title, lawyers and firms can not only ensure compliance, but also maintain healthy client relationships, educated staff, a positive reputation, and continued success and growth.
Table of contents
Executive summary
About the authors
Chapter 1: Managing risks in the hybrid “office”
By William Glynn, legal director, and Niya Phiri, partner, Clyde & Co LLP
Introduction
People risks
Operational risks
Data/IT risks
Legal/regulatory risks
Conclusion
Chapter 2: Climate change and ESG risks for lawyers
By Alexia Howard, senior associate, and Simon Konsta, partner, Clyde & Co LLP
Introduction
What is ESG?
Reputational risks
Transition and transactional risks
Corporate disclosure and liability risks
Greenwashing
Diversity and inclusion
Conclusion
Chapter 3: Data protection
By Nigel Miller, founding partner, Fox Williams LLP
Introduction
Overview
Data protection principles
Lawful ground for processing
Accountability
Data processors
Individual rights
Personal data breach
International data transfers
Marketing and cookies
Conclusion
Chapter 4: Cybersecurity: an existential risk for law firms
By Simon Chester, counsel, conflicts and regulatory matters, and Sandy Gill, assistant general counsel, Gowling WLG (Canada) LLP
Regulatory requirements
Client pressures
Cloud computing
Remote working
Policies and procedures
Insider risks
Assessing precautions
Insurance
Planning for breach
Next steps
Chapter 5: Criminal finances and investigations
By Anousheh Bromfield, senior associate, and Charles Kuhn, partner, Clyde & Co LLP
Introduction and types of financial crime
Investigations
Privilege
Representation
Jurisdiction
Specific considerations for certain offences in law firms – (section 330 POCA)
Conclusion
Chapter 6: Anti-money laundering – are you doing enough to protect your firm?
By Brian Rogers, regulatory director, The Access Group
The money laundering landscape
Law firm sanctions
SRA AML thematic reviews
AML guidance
AML governance
Firm (practice)-wide risk assessment
Client/matter level risk assessment
AML policies, controls, and procedures
Conclusion
Chapter 7: Professional indemnity insurance
By Rebecca Atkinson, director of risk and compliance, Howard Kennedy
The requirement to have professional indemnity insurance
How much insurance cover to buy
What a circumstance is, when and how to notify possible claims to insurers, and who will handle the claim
Should you rectify mistakes? Beware own interest conflict
PI insurance renewal – what happens each year and top tips for renewal: how to present your firm well
Possible PI insurance exclusions for sanctioned entities and certain types of work
A short note about cybercrime insurance
Limiting liability clauses
Conclusion
Chapter 8: Protecting partner assets
By Frank Maher, partner, Legal Risk LLP
Introduction
Professional indemnity insurance and the exclusions
Retirement and professional indemnity insurance
Defensive practice
Insurance options
Conclusion
Chapter 9: SRA compliance
By Rebecca Atkinson, director of risk and compliance, Howard Kennedy
What is the SRA and when do you need to be authorized by it?
How to get authorized
The annual reauthorization process
The SRA Standards and Regulations
SRA Enforcement Strategy
The COLP and COFA role and reporting requirements
Ethics and how to approach
SRA warning notices and guidance
Chapter 10: Mitigating risk through your client journeys and practices
By Peter Noyce, head of legal sector, Menzies LLP
Take on process
Throughout the transaction
Completion
Financial disciplines and controls should also be part of the toolkit
Conclusion
Chapter 11: Outside counsel guidelines
By Noah Fiedler, shareholder and co-leader of the Attorney Risk Management Practice Group, Barron & Newburger, P.C.
Comprehensive outside counsel guidelines become standard
Indemnity provisions
Defining conflicts of interest
Managing the risk of OCGs
OCGs are here to stay
Chapter 12: Conflicts of interest and confidentiality duties – effective risk management
By Tracey Calvert, founder and director, Oakalls Consultancy Limited
Own interest conflict
Conflicts of interests when acting for clients
Confidentiality and disclosure
Risk management
Risk compliance objectives
Risk management pinch points
Compliance solutions
The bigger picture
Chapter 13: Complaints
By Rebecca Atkinson, director of risk and compliance, Howard Kennedy
The requirements regarding complaints
What should the complaints handling process be and who should undertake complaint handling in the firm?
How to effectively handle complaints
Complaints made by non-clients
How to handle online reviews – good or bad
The Legal Ombudsman Scheme Rules, publication, and case fee
Further guidance
Chapter 14: Effective supervision in remote and hybrid teams
By Jamie Butler, executive coach and facilitator and founder, Jamie Butler Coaching Limited
Why is good supervision important?
Risks, challenges, and opportunities of remote supervision
Core skills and characteristics of an effective remote supervisor
Setting “ground rules” to establish responsibility and build trust
Communicating for effectiveness and productivity
Maximizing engagement, inclusion, and wellbeing
Hybrid working – developing approaches
Hybrid working and supervision – opportunities and challenges
“Supervisor as coach” skills – managing from a distance
Chapter 15: Lateral hiring in law firms – risks and reward
By Ruth Bonino, professional support lawyer, and Chris Holme, partner, Clyde & Co LLP
Introduction
Basic legal, ethical, and regulatory obligations of partners in UK law firms
Setting the scene
The due diligence process – how to avoid overstepping the mark
Pre-employment vetting
Conflict checks – how to avoid breaching confidentiality obligations
Integration issues
Key rules of the road
Chapter 16: Culture matters – a new era for law firm risk management
By Jessica Clay, partner, Iain Miller, partner, and Lucinda Soon, professional support lawyer, Kingsley Napley
Ethical culture under the spotlight
Assessments of unfair treatment
Concurrent employment claims
Challenging behavior that does not meet the standard
Personal and professional boundaries
Conclusion
Chapter 17: Innovation and the opportunities in flexible regulation
By Jonathon Bray, director, Jonathon Bray Limited
Regulation-led innovation
CMA report
Deregulation-led innovation
Other external factors
Ten years of ABSs – evolution rather than revolution?
Innovation is easier said than done
About Globe Law and Business